undefined | Better HN

0 pointsjimrandomh10y ago0 comments

No, the property you describe is called "preimage resistance". Collision resistance is stronger; it states that an attacker should not be able to create a pair of inputs with the same hash. In the case of md5, creating a pair of inputs with the same hash is easier than creating another input with the same hash as something else which you didn't yourself generate.

The MD5 algorithm is known to lack collision resistance, but whether it has preimage resistance is less certain; mathematical advances have weakened its preimage resistance, but not yet to the point of demonstrating a practical preimage attack.

0 comments

garrettr_10y ago

Nitpick: the property OP describes is actually second pre-image resistance, not preimage resistance (or collision resistance). See https://en.wikipedia.org/wiki/Cryptographic_hash_function#Pr...

kedean10y ago

My mistake, I always mixed those two up. Both properties address OP, though, as MD5 is not suspected to have preimage resistance either (it's just not to the point of somebody having done it yet).

4mnt10y ago

> In the case of md5, creating a pair of inputs with the same hash is easier than creating another input with the same hash as something else which you didn't yourself generate.

This is the case with all instances of seeking a collision, due to the birthday paradox [0]

0: https://en.wikipedia.org/wiki/Birthday_attack

cstejerean10y ago

The birthday paradox helps with the case of finding any two random inputs that have the same hash. The problem with MD5 is that it's feasible to craft two specific inputs that happen to have the same hash.

j / k navigate · click thread line to collapse